Re: [PATCH v19 036/130] KVM: TDX: x86: Add ioctl to get TDX systemwide parameters

From: Huang, Kai
Date: Thu Mar 21 2024 - 18:27:14 EST

Next message: Jesse Brandeburg: "Re: [PATCH net] ice: Fix freeing uninitialized pointers"
Previous message: Rob Herring: "Re: [PATCH v3 8/9] dt-bindings: xlnx: Add VTC and TPG bindings"
Next in thread: Isaku Yamahata: "Re: [PATCH v19 036/130] KVM: TDX: x86: Add ioctl to get TDX systemwide parameters"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 26/02/2024 9:25 pm, Yamahata, Isaku wrote:

From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>

Implement an ioctl to get system-wide parameters for TDX. Although the
function is systemwide, vm scoped mem_enc ioctl works for userspace VMM
like qemu and device scoped version is not define, re-use vm scoped
mem_enc.

-EPARSE for the part starting from "and device scoped ...".

Grammar check please.

Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
Signed-off-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
---
v18:
- drop the use of tdhsysinfo_struct and TDH.SYS.INFO, use TDH.SYS.RD().
For that, dynamically allocate/free tdx_info.
- drop the change of tools/arch/x86/include/uapi/asm/kvm.h.

v14 -> v15:
- ABI change: added supported_gpaw and reserved area.

Signed-off-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
---
arch/x86/include/uapi/asm/kvm.h | 17 ++++++++++
arch/x86/kvm/vmx/tdx.c | 56 +++++++++++++++++++++++++++++++++
arch/x86/kvm/vmx/tdx.h | 3 ++
3 files changed, 76 insertions(+)

diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
index 9ea46d143bef..e28189c81691 100644
--- a/arch/x86/include/uapi/asm/kvm.h
+++ b/arch/x86/include/uapi/asm/kvm.h
@@ -604,4 +604,21 @@ struct kvm_tdx_cpuid_config {
__u32 edx;
};
+/* supported_gpaw */
+#define TDX_CAP_GPAW_48 (1 << 0)
+#define TDX_CAP_GPAW_52 (1 << 1)
+
+struct kvm_tdx_capabilities {
+ __u64 attrs_fixed0;
+ __u64 attrs_fixed1;
+ __u64 xfam_fixed0;
+ __u64 xfam_fixed1;
+ __u32 supported_gpaw;
+ __u32 padding;
+ __u64 reserved[251];
+
+ __u32 nr_cpuid_configs;
+ struct kvm_tdx_cpuid_config cpuid_configs[];
+};
+

I think you should use __DECLARE_FLEX_ARRAY().

It's already used in existing KVM UAPI header:

struct kvm_nested_state {
...
union {
__DECLARE_FLEX_ARRAY(struct kvm_vmx_nested_state_data,
vmx);
__DECLARE_FLEX_ARRAY(struct kvm_svm_nested_state_data,
svm);
} data;
}

#endif /* _ASM_X86_KVM_H */
diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index 07a3f0f75f87..816ccdb4bc41 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -6,6 +6,7 @@
#include "capabilities.h"
#include "x86_ops.h"
#include "x86.h"
+#include "mmu.h"
#include "tdx_arch.h"
#include "tdx.h"
@@ -55,6 +56,58 @@ struct tdx_info {
/* Info about the TDX module. */
static struct tdx_info *tdx_info;
+static int tdx_get_capabilities(struct kvm_tdx_cmd *cmd)
+{
+ struct kvm_tdx_capabilities __user *user_caps;
+ struct kvm_tdx_capabilities *caps = NULL;
+ int ret = 0;
+
+ if (cmd->flags)
+ return -EINVAL;

Add a comment?

/* flags is reserved for future use */

+
+ caps = kmalloc(sizeof(*caps), GFP_KERNEL);
+ if (!caps)
+ return -ENOMEM;
+
+ user_caps = (void __user *)cmd->data;
+ if (copy_from_user(caps, user_caps, sizeof(*caps))) {
+ ret = -EFAULT;
+ goto out;
+ }
+
+ if (caps->nr_cpuid_configs < tdx_info->num_cpuid_config) {
+ ret = -E2BIG;
+ goto out;
+ }
+
+ *caps = (struct kvm_tdx_capabilities) {
+ .attrs_fixed0 = tdx_info->attributes_fixed0,
+ .attrs_fixed1 = tdx_info->attributes_fixed1,
+ .xfam_fixed0 = tdx_info->xfam_fixed0,
+ .xfam_fixed1 = tdx_info->xfam_fixed1,
+ .supported_gpaw = TDX_CAP_GPAW_48 |
+ ((kvm_get_shadow_phys_bits() >= 52 &&
+ cpu_has_vmx_ept_5levels()) ? TDX_CAP_GPAW_52 : 0),
+ .nr_cpuid_configs = tdx_info->num_cpuid_config,
+ .padding = 0,
+ };
+
+ if (copy_to_user(user_caps, caps, sizeof(*caps))) {
+ ret = -EFAULT;
+ goto out;
+ }

Add an empty line.

+ if (copy_to_user(user_caps->cpuid_configs, &tdx_info->cpuid_configs,
+ tdx_info->num_cpuid_config *
+ sizeof(tdx_info->cpuid_configs[0]))) {
+ ret = -EFAULT;
+ }

I think the '{ }' is needed here.

+
+out:
+ /* kfree() accepts NULL. */
+ kfree(caps);
+ return ret;
+}
+
int tdx_vm_ioctl(struct kvm *kvm, void __user *argp)
{
struct kvm_tdx_cmd tdx_cmd;
@@ -68,6 +121,9 @@ int tdx_vm_ioctl(struct kvm *kvm, void __user *argp)
mutex_lock(&kvm->lock);
switch (tdx_cmd.id) {
+ case KVM_TDX_CAPABILITIES:
+ r = tdx_get_capabilities(&tdx_cmd);
+ break;
default:
r = -EINVAL;
goto out;
diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h
index 473013265bd8..22c0b57f69ca 100644
--- a/arch/x86/kvm/vmx/tdx.h
+++ b/arch/x86/kvm/vmx/tdx.h
@@ -3,6 +3,9 @@
#define __KVM_X86_TDX_H
#ifdef CONFIG_INTEL_TDX_HOST
+
+#include "tdx_ops.h"
+

It appears "tdx_ops.h" is used for making SEAMCALLs.

I don't see this patch uses any SEAMCALL so I am wondering whether this chunk is needed here?

struct kvm_tdx {
struct kvm kvm;
/* TDX specific members follow. */

Next message: Jesse Brandeburg: "Re: [PATCH net] ice: Fix freeing uninitialized pointers"
Previous message: Rob Herring: "Re: [PATCH v3 8/9] dt-bindings: xlnx: Add VTC and TPG bindings"
Next in thread: Isaku Yamahata: "Re: [PATCH v19 036/130] KVM: TDX: x86: Add ioctl to get TDX systemwide parameters"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]